The organization defines the security safeguards to be employed to protect the information system against, or limit the effects of, denial of service attacks.